smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/spam_recipient_access
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_unknown_recipient_domain
check_recipient_access hash:/etc/postfix/recipient_access
check_recipient_mx_access hash:/etc/postfix/mx_access
check_policy_service inet:127.0.0.1:10030
# reject_unverified_recipient # in recipient_access
# permit_tls_clientcerts # postfix 2.2
# permit_auth_destination
# check_client_access hash:/etc/mail/pop-before-smtp
# check_relay_domains
# permit_mx_backup
smtpd_data_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_pipelining
warn_if_reject reject_multi_recipient_bounce
/etc/postfix/mx_access
# IP address Verisign returns for otherwise invalid
# .com and .net domains
64.94.110.11 REJECT Verisign hijacked domain
0.0.0.0/8 REJECT Domain MX in broadcast network
10.0.0.0/8 REJECT Domain MX in RFC 1918 private network
127.0.0.0/8 REJECT Domain MX in loopback network
169.254.0.0/16 REJECT Domain MX in link local network
172.16.0.0/12 REJECT Domain MX in RFC 1918 private network
192.0.2.0/24 REJECT Domain MX in TEST-NET network
192.168.0/16 REJECT Domain MX in RFC 1918 private network
224.0.0.0/4 REJECT Domain MX in class D multicast network
240.0.0.0/5 REJECT Domain MX in class E reserved network
248.0.0.0/5 REJECT Domain MX in reserved network
/etc/postfix/recipient_access
# Do address verification for local recipients
# (don't queue mail that's recipient is invalid on final mailserver)
fjfi.cvut.cz reject_unverified_recipient
/etc/postfix/spam_recipient_access
# use postfix restriction classes to accept spam@ and nospam@ address only from local IPs